Lucene search

33 matches found

NVD
added 2026/06/08 4:16 p.m. | 9 views

CVE-2026-29167

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVSS 9.8 | EPSS 0.00663
Exploits: 0 | References: 3
EUVD
added 2026/06/08 3:7 p.m. | 12 views

EUVD-2026-35086

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

AI score 5.4 | EPSS 0.00663
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/08 12:0 a.m. | 15 views

PT-2026-47313

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.67. Description: A Use After Free issue exists in Apache HTTP Server when using mod_ldap in per-directory configuration. Use After Free occurs when an application continues to use a pointer after it...

CVSS 9.8 | AI score 5.6 | EPSS 0.00663
Exploits: 0 | References: 11
ATTACKERKB
added 2026/06/05 5:49 p.m. | 6 views

CVE-2025-71318

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

CVSS 9.8 | AI score 5.5 | EPSS 0.00533
Exploits: 0 | References: 3
EUVD
added 2026/05/15 6:36 p.m. | 7 views

EUVD-2026-30592

phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privileges. Attackers with valid frontend user accounts can access...

CVSS 4.3 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 2
CNNVD
added 2026/03/22 12:0 a.m. | 6 views

jetAudio jetCast Server Security Vulnerability

The jetAudio jetCast Server is a multimedia player server developed by the jetAudio company. Version 2.0 of the jetaudio jetCast Server has a security vulnerability. This vulnerability stems from a log directory configuration field that contains a denial-of-service vulnerability, which could allo...

CVSS 6.8 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 4
EUVD
added 2026/02/28 12:31 a.m. | 8 views

EUVD-2026-9096

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

CVSS 9.3 | AI score 5.9 | EPSS 0.01157
Exploits: 3 | References: 9
Redos
added 2025/11/05 12:0 a.m. | 3 views

ROS-20251105-09

A vulnerability in the Zabbix universal monitoring system is related to authorization errors. Exploitation of the vulnerability can allow a remote attacker to gain unauthorized access to protected information. A vulnerability in the Zabbix universal monitoring system is related to a logical error...

CVSS 6.5 | AI score 6.6 | EPSS 0.00378
Exploits: 0
IBM Security Bulletins
added 2025/08/11 6:9 a.m. | 6 views

Security Bulletin: Kafka client library upgraded to kafka-clients-3.9.1

Summary: Kafka client library upgraded to kafka-clients-3.9.1. Vulnerability Details: CVEID: CVE-2024-31141. DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for...

CVSS 6.5 | AI score 6.7 | EPSS 0.01129
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/05/23 4:44 a.m. | 5 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occ...

CVSS 4.3 | AI score 6.3 | EPSS 0.00474
Exploits: 0 | References: 1
NCSC
added 2025/01/03 12:1 p.m. | 5 views

Vulnerabilities fixed in Ipswitch WhatsUp Gold

Ipswitch has fixed vulnerabilities in WhatsUp Gold Versions before 2024.0.2 and earlier. The vulnerabilities are in versions of WhatsUp Gold before 2024.0.2. An authenticated user could misuse a specific HTTP call, which could lead to the disclosure of sensitive information and compromise data...

CVSS 9.6 | AI score 6.4 | EPSS 0.42369
Exploits: 0 | References: 1
Tenable Nessus
added 2025/01/03 12:0 a.m. | 4 views

Host Active Directory Configuration (Linux)

Binary data hostadconfiglinux.nbin...

AI score 7.3
Exploits: 0 | References: 1
ATTACKERKB
added 2023/12/12 7:15 a.m. | 4 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00474
Exploits: 0 | References: 2
Vulnrichment
added 2022/10/13 12:0 a.m. | 7 views

CVE-2021-20030

SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files...

AI score 7.7 | EPSS 0.00785
Exploits: 0 | References: 1
Mageia
added 2021/10/08 7:12 p.m. | 124 views

Updated apache packages fix security vulnerability

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

CVSS 9.8 | AI score 0.6 | EPSS 0.99964
Exploits: 62 | References: 4
AlpineLinux
added 2021/10/07 3:50 p.m. | 125 views

CVE-2021-42013

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...

CVSS 9.8 | AI score 9.5 | EPSS 0.99964
Exploits: 62
CNVD
added 2021/04/21 12:0 a.m. | 6 views

ASUS BMC Firmware Buffer Overflow Vulnerability (CNVD-2021-39581)

ASUS BMC Firmware is a firmware from Asus China. A buffer overflow vulnerability exists in the ASUS BMC firmware Web management page, which originates from the Active Directory configuration function not validating the length of a string entered by a user, and can be exploited by a remote attacke...

CVSS 4.9 | AI score 7.4 | EPSS 0.0181
Exploits: 0 | References: 1
Cvelist
added 2021/04/06 5:2 a.m. | 16 views

CVE-2021-28197 ASUS BMC's firmware: buffer overflow - Active Directory configuration function

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service...

CVSS 4.9 | AI score 5.5 | EPSS 0.0181
Exploits: 0 | References: 3
CNNVD
added 2021/04/06 12:0 a.m. | 3 views

ASUS BMC Firmware Security Feature Issue Vulnerability

ASUS BMC Firmware is a firmware from Asus China. A security signature issue vulnerability exists in the ASUS BMC firmware Web management page, which originates from a buffer overflow vulnerability due to the Active Directory configuration function not validating the length of a string entered by ...

CVSS 4.9 | AI score 6 | EPSS 0.0181
Exploits: 0 | References: 3
BDU FSTEC
added 2020/07/09 12:0 a.m. | 5 views

The vulnerability of the /usr/lib/tmpfiles.d/tomcat.conf component of the Tomcat package on the SUSE Linux Enterprise operating system allows a hacker to gain increased privileges.

The vulnerability of the /usr/lib/tmpfiles.d/tomcat.conf component of the Tomcat package in the SUSE Linux Enterprise operating system is related to errors in the use of standard permissions. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7.7 | AI score 6.4 | EPSS 0.00857
Exploits: 1 | References: 5 | Affected Software: 7